zlacker

[return to "Apple already shipped attestation on the web, and we barely noticed"]
1. codedo+Jb[view] [source] 2023-07-25 14:56:27
>>pimter+(OP)
Cannot attestation in Chrome be "fixed" by patching an attestation function so that it always returns true (even if there is an adblocker)?
◧◩
2. devsda+tP[view] [source] 2023-07-25 17:11:03
>>codedo+Jb
First, there's nothing to patch as it would probably need a cryptographic challenge response flow and not a simple yes or no.

Even if there's a patch, it would be difficult because there are other pieces of attestation that are already in place all the way upto the browser.

You cannot patch executables because os can verify executables via code signing signatures.

You cannot "patch" important parts of your OS (outside any zero days) with secure boot enabled(they can reject user keys for attestation).

◧◩◪
3. codedo+RG1[view] [source] 2023-07-25 20:34:39
>>devsda+tP
> You cannot "patch" important parts of your OS (outside any zero days)

So basically you just need to stop updating OS for 2 weeks and grab a fresh vulnerability to bypass attestation?

[go to top]